P/S: This might not be a new issue at all (But I documented it so I won't forget or at least know where to look )
from Alice in Wonderland
My life have it ups and downs . But last week was quite interesting, I was fortunate enough to be given a chance to conduct some lightning/bizzare art of penetration testing technique at a prestigious organization that can block PornHub.
During my class on pwning a Win7 box I noticed that IE8 have some bizzare behaviour MIME type intepreation behaviour.
On a plain/text Mime IE8 will CSS Javascript Input under CompatabileView Mode. (Default mode).
Well dat just sucks right?
POC.
Dat was expected. plain/text Mime was interpreted correctly.
Now on IE8
Can we steal cookies?
Solution?
1. Disable Compatible View if you are not a developer..
2. Upgrade to the latest IE
3. Don`t use IE at all
from Alice in WonderlandMy life have it ups and downs . But last week was quite interesting, I was fortunate enough to be given a chance to conduct some lightning/bizzare art of penetration testing technique at a prestigious organization that can block PornHub.
During my class on pwning a Win7 box I noticed that IE8 have some bizzare behaviour MIME type intepreation behaviour.
On a plain/text Mime IE8 will CSS Javascript Input under CompatabileView Mode. (Default mode).
Well dat just sucks right?
POC.
Dat was expected. plain/text Mime was interpreted correctly.
Now on IE8
 |
| I trip and spray :( |
Solution?
1. Disable Compatible View if you are not a developer..
2. Upgrade to the latest IE
3. Don`t use IE at all
